Option for redundant route processors, fabric cards, power modules and system controllers

Extreme focus on optimized power consumption in watts/Gbps

An infrastructure for hosting applications

Programmability with YANG model based APIs

The latest release of Cisco IOS XR operating system opens up the architecture of Cisco IOS XR using a 64-bit Linux-based operating
system to deliver greater agility, automation and simplicity, while reducing cost of operating the networks.

Cisco Feature Deployment Recommendation

In evaluating the use of features in the Cisco IOS XR Release 6.3.2, consider the below classification of features before
deploying:

Category 1—Features are ready for full scale deployment.

Category 2—Feature behavior will be strengthened with a SMU as needed.

Category 3—Features are recommended only for EFT and Lab Certification. Large scape deployment will be supported in future
releases.

Please contact the Cisco Deployment team or your Account Team to understand whether the features you are implementing are
ready for deployment in your network.

Software Features Introduced in Cisco IOS XR Software Release 6.3.2

Smart Licensing

Smart Licensing is a cloud-based, software license management solution that enables you to automate time-consuming, manual
licensing tasks. The solution allows you to easily track the status of your license and software usage trends.

Note

By default Smart Licensing is enabled.

Only non-consumption model Smart Licensing is supported.

For information on configuring Smart Licensing, see the chapter Software Entitlement in the System Management Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

For more information,
see the
Routing
Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release
6.3.x.

Egress IPv4 ACLs on BVIs

Bridge Virtual Interfaces (BVIs) provide a bridge between the routing and bridging domains on a router. A BVI is configured
with an IP address and operates as a regular routed interface. You can configure an ACL on a BVI to filter the traffic for
the network that uses the interface.

To know how to configure an IPv4 egress ACL on a BVI, see the ACLs on Bridge Virtual Interfaces section in the IP Addresses and Services Configuration Guide for Cisco NCS 5500 Series Routers.

IPv4 ACL Matching on Fragment Type

Most DoS (Denial of Service) attacks work by flooding the network with fragmented packets. By filtering the incoming fragments
of the packet in a network, an extra layer of protection can be added against such attacks. You can configure an IPv4 ACL
to match on the fragment type, and perform an appropriate action.

For information about configuring an IPv4 ACL to match by the various fragment types, see Configuring an IPv4 ACL to Match on Fragment Type section in the IP Addresses and Services Configuration Guide for Cisco NCS 5500 Series Routers. For information about the various fragment types to match on, see the following command pages in the IP Addresses and Services Command Reference for Cisco NCS 5500 Series Routers.

dont-fragment

is-fragment

first-fragment

last-fragment

IP-MIB Support for IPv4

IOS-XR implementation of IP-MIB now supports IPv4 statistics as per RFC4293. Refer to the SNMP OID Navigator for a list of new OIDs added for iPv4 statistics.

IS-IS VRF Aware Lite

The feature adds the possibility to run an Integrated Intermediate System-to-Intermediate System (IS-IS) process in the context
of a non-default VPN routing and forwarding (VRF). Both IPv4 and IPv6 are supported. The implementation is more suitable for
VRF-lite scenarios.

For more information,
see the
Routing
Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release
6.3.x.

ACLs Matching on TTL Value

You can configure ACLs to match on the TTL value specified in the IPv4 or IPv6 header. You can specify the TTL match condition
to be based on a single value, or multiple values. You can also rewrite the TTL value in the IPv4 or IPv6 header by using
the set ttl command. TTL matching is supported only for ingress ACLs.

ACLs that are shared across interfaces and use the same TCAM space are known as shared ACLs. However, you can configure only
31 unique, shared ACLs. To configure more unique ACLs, ACL sharing must be disabled by using the interface-based command. By making the ACLs unique for an interface, you can configure more than 31 ACLs.

For information on configuring ACLs to match on TTL values and configuring unique ACLs, see the Configuring TTL Matching for IPv4 ACLs and Configuring TTL Matching for IPv6 ACLs sections in the IP Addresses and Services Configuration Guide for Cisco NCS 5500 Series Routers.

Explicit Binding Segment Identifier (BSID)

A binding segment is a local segment that identifies an SR-TE policy. Each SR-TE policy is associated with a binding segment
ID (BSID). By default, a BSID is allocated automatically for each SR-TE policy when the SR-TE policy is instantiated.

The Explicit BSID feature allows you to request that the SR-TE policy uses a BSID value that you provide. Explicit BSIDs are
allocated from the segment routing local block (SRLB) or the dynamic range of labels. You can also specify how the BSID allocation
behaves if the BSID value is not available.

For more information on this feature, see the Configure SR-TE Policies chapter in the Segment Routing Configuration Guide for NCS 5500 Series Aggregation Services Routers.

BGP Commit Replace for Neighbour Groups

BGP commit replace for neighbour groups feature allows you to move an autonomous system from a BGP neighbour to a BGP neighbour
group in a single IOS-XR commit.

Conditional Marking of MPLS Experimental bits for L3VPN Traffic

Conditional Marking of MPLS Experimental bits for L3VPN Traffic feature enables the user to configure the conditional marking
of MPLS Experimental bits for L3VPN Traffic on the Provider Edge routers in the imposition direction.

For more information on this feature, see the Configuring Modular QoS Service Packet Classification chapter in the Modular QoS Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

BER and LFS Optimization on 10/40/100Gbps Interfaces"

Bit Error Rate (BER) is a number of bit errors per unit time that determines the reliability of a link. The system supports
BER on 10/40/100 GE interfaces. The system raises an alarm or brings down the TX of an interface once the error value crosses
the configured threshold value.

Link fault signalling (LFS) is a physical layer protocol that enables communication on a link between Ethernet devices. When
you configure a device on a network, the port can detect and report fault conditions on transmit and receive ports.

For more information, see the Interface and Hardware Component Configuration Guide for Cisco NCS 5500 Series Routers guide.

10G DWDM Tunable Optics

This feature provides tunable support for the dense wavelength-division multiplexing (DWDM) wavelengths of the DWDM-XFP-C
module on the Cisco NCS 5500 Series Aggregation Services Routers. You can configure the DWDM ITU wavelengths by using the
itu channel command in the interface configuration mode.

For more information, see the Interface and Hardware Component Configuration Guide for Cisco NCS 5500 Series Routers guide.

DWDM Optics with Limiting Electrical Receiver

This features provides support for DWDM optics PID. The itu channel command ensures that the traffic continues to flow. The
modules have the operating wavelengths according to ITU-T G.692 at 100GHz grids in C-band.

For more information, see the Interface and Hardware Component Configuration Guide for Cisco NCS 5500 Series Routers guide.

LLDP Support on the MGMT Interface

With the introduction of this feature, the system supports the IOS XR LLDP enablement over the Management Interfaces on Cisco
NCS 5500. This feature requires support from SPIO as LLDP uses SPIO for both transmission and reception of the frames.

For more information, see the Using Data Models chapter in Programmability Configuration Guide for Cisco NCS 5500 Series Routers.

MPLS Static LSP over BVI

By using a bridge-group virtual interface (BVI), you can convert multiple interfaces as members of a common broadcast domain.
MPLS static over BVI feature allows you to specify a BVI interface as nexthop while setting up a static label-switched path
(LSP).

For more information about configuring MPLS static over BVI feature, see MPLS Configuration Guide for Cisco NCS 5500 Series Routers, Release 6.3.x.

LDP over MPLS-TE

LDP over MPLS-TE feature combines the benefits of both LDP and RSVP protocols which are used to set up LSPs. While LDP is
easy to configure, RSVP has traffic engineering capabilities which help to avoid traffic congestions. In LDP over MPLS-TE,
an LDP signalled label-switched path (LSP) runs through a TE tunnel established using RSVP-TE.

For more information about configuring LDP over MPLS-TE feature, see MPLS Configuration Guide for Cisco NCS 5500 Series Routers, Release 6.3.x.

MPLS-TE Path Protection

Path protection provides an end-to-end failure recovery mechanism for MPLS-TE tunnels. A secondary Label Switched Path (LSP)
is established, in advance, to provide failure protection for the protected LSP that is carrying a tunnel's TE traffic. When
there is a failure on the protected LSP, the source router immediately enables the secondary LSP to temporarily carry the
tunnel's traffic.

For more information about configuring MPLS-TE path protection, see MPLS Configuration Guide for Cisco NCS 5500 Series Routers, Release 6.3.x.

BGP Large Community String

BGP communities provides a way to group destinations and apply routing decisions such as acceptance, rejection, preference,
or redistribution on a group of destinations using community attributes. BGP community attributes are variable length attributes
consisting of a set of one or more 4-byte values which are split into two parts of 16 bits to represent AS number and a locally
defined value. BGP large community is a 12 byte optional attribute which can accommodate 4 byte ASNs which cannot be accommodated
by the BGP community or the BGP extended community.

For more information about configuring BGP large community feature, see Routing Configuration Guide for Cisco NCS 5500 Series Routers
.

L2VPN VPLS or VPWS over SR-TE Preferred Path

L2VPN VPLS or VPWS over SR-TE Preferred Path feature allows you to set the preferred path between the two end-points for L2VPN
Virtual Private LAN Service (VPLS) or Virtual Private Wire Service (VPWS) using SR-TE policy.

For more information on this
feature, see the
L2VPN Preferred
Path over Segment Routing for Traffic Engineering Policy chapter in the
L2VPN and
Ethernet Services Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR
Release 6.3.2.

MPLS L3VPN Services
using Segment Routing

The MPLS L3VPN
Services using Segment Routing feature allows you to achieve better resilience
and convergence for the network traffic, by transporting MPLS L3VPN services
using Segment Routing (SR), instead of MPLS LDP. Segment routing can be
directly applied to the MPLS architecture without changing the forwarding
plane.

For more information
on this feature, see the
Implementing MPLS
Layer 3 VPNs chapter in the
L3VPN
Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release
6.3.2.

DHCPv6 Relay Agent

A DHCPv6 relay agent is a host that forwards DHCP packets between clients and servers that do not reside on a shared physical
subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router where IP datagrams are switched between
networks transparently.

DHCP clients use User Datagram Protocol (UDP) broadcasts to send DHCP DISCOVER messages when they lack information about
the network to which they belong.

If a client is on a network segment that does not include a server, a relay agent is needed on that network segment to ensure
that DHCP packets reach the servers on another network segment. UDP broadcast packets are not forwarded, because most routers
are not configured to forward broadcast traffic. You can configure a DHCPv6 relay agent to forward DHCP packets to a remote
server by configuring a DHCPv6 relay profile and configure one or more helper addresses in it. You can assign the profile
to an interface or a VRF.

For more information, see IP Addresses and Services Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x.

BGP Dynamic Neighbor Authentication

BGP dynamic neighbor support allows BGP peering to a group of remote neighbors that are defined by a range of IP addresses.
Each range can be configured as a subnet IP address.

In larger BGP networks, implementing BGP dynamic neighbors can reduce the amount and complexity of CLI configuration and save
CPU and memory usage. Both IPv4 and IPv6 peering are supported.

For more information, see BGP Dynamic Neighbors chapter of the BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x.

MACSec Fallback Pre-Shared Key

Fallback is a session recovery mechanism when primary PSK fails to bring up secured MKA session. It ensures that a PSK is
always available to perform MACSec encryption and decryption.

In CAK rollover of primary keys, if latest active keys are mismatched, system performs a hitless rollover from current active
key to fallback key, provided the fallback keys match.

If a session is up with fallback, and primary latest active key configuration mismatches are rectified between peers, system
performs a hitless rollover from fallback to primary latest active key.

For more information, see System Security Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x.

Management Plane Protection for Third-Party Applications

Management Plane Protection (MPP) provides a mechanism for securing management traffic on the router. Without MPP, if the
service is enabled, the Cisco IOS XR allows the service traffic to pass through any interface with a network address.

MPP configuration for third-party application (TPA) enables to filter the traffic of TPA component, for example, gRPC component.
The addition of gRPC component controls the management protocol traffic and supports the management protocols for the TPA,
for example, gRPC. It also helps to control the gRPC application and filter the gRPC traffic through MPP configuration.

For more information, see MPP for Third Party Applications chapter of the System Security Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x.

MACSec Data Delay Protection

MACSec data delay protection allows MKA participants to ensure that the data frames protected by MACSec are not delayed by
more than 2 seconds. Each SecY uses MKA to communicate the lowest packet number (PN) used for transmission with the Secure
Association Key (SAK) within two seconds. Traffic delayed longer than 2 seconds are rejected by the interfaces enabled with
delay protection.

This provides additional security in preventing any man-in-the-middle attack (MITM) or replay attack.

For more information, see Creating a User-Defined MACsec Policy section of the Configure MACSec Chapter of the System Security Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x.

BGP Labeled Unicast
with Multiple Label Stack

BGP Labeled Unicast Multiple Label Stack feature enables the user to
make the XR router receive and advertise BGP LU updates with a stack of one or
more labels associated with the encoded prefix.

This feature provides the ability for a controller to push a multiple
label stack through BGP labeled unicast session onto the headend.

For information about
configuring BGP Labeled Unicast with Multiple Label Stack feature, see the
BGP Configuration
Guide for Cisco NCS 5500 Series Routers.

BPDU Transparency
with MACSec

BPDU Transparency with MACSec feature enables you to create tunnel
between a source customer edges (CE) device and destination CE devices and use
this tunnel to carry traffic between these two CEs.

For more information on this feature, see the
L2VPN and Ethernet Services Configuration Guide for Cisco NCS 5500
Series Routers, IOS XR Release 6.3.2.

IP Fast Reroute with Remote Loop Free Alternate (LFA)

Some topologies (for
example the commonly used ring-based topology) require protection that is not
afforded by Loop-Free Alternate (LFA) Fast Reroute (FRR) alone. In such cases,
use the Label Distribution Protocol (LDP)-based FRR Remote LFA feature where
IGPs compute non-directly connected neighbor, which are more than one hop away,
as LFA backup path to protect the given prefix's primary path. The LDP sets up
labeled backup LSP with the remote next-hop for the protected prefix. LDP also
sets up another transport LSP to tunnel traffic to remote next-hop without
exposing the LFA backup label as learnt from remote node.

Static LSP Next Hop Resolve with Recursive Prefix

Static LSP next hop resolve with recursive prefix feature supports resolution of recursive routes for static LSPs. This feature
enables you to specify a next-hop which is not directly connected for a static LSP destination.

For more information about configuring static LSP next hop resolve with recursive feature, see MPLS Configuration Guide for Cisco NCS 5500 Series Routers .

RPM Signing and Verification

Cisco IOS XR supports RPM signing and signature verification for Cisco IOS XR RPM packages in the ISO and upgrade images.
All RPM packages in the Cisco IOS XR ISO and upgrade images are signed to ensure cryptographic integrity and authenticity.
This guarantees that the RPM packages have not been tampered with and the RPM packages are from Cisco IOS XR. The private
key, used for signing the RPM packages, is created and securely maintained by Cisco.

IPv4 Multihop BFD

The IPv4 Multihop BFD feature provides sub-second forwarding failure detection for a destination more than one hop, and up
to 255 hops, away. The bfd multihop ttl-drop-threshold command can be used to drop BFD packets coming from neighbors exceeding a certain number of hops. BFD multihop is supported
on all currently supported media-type for BFD singlehop.

. For more information on the IPv4 Multihop BFD feature, see the Routing Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.2.

EVPN VPWS over SR-TE Preferred Path

EVPN VPWS over SR-TE Preferred Path feature allows you to set the preferred path between the two end-points for EVPN VPWS
pseudowire (PW) using SR-TE policy.

For more information on this
feature, see the
L2VPN Preferred
Path over Segment Routing for Traffic Engineering Policy chapter in the
L2VPN and
Ethernet Services Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR
Release 6.3.2.

EVPN Multiple
Services per Ethernet Segment

EVPN Multiple Services
per Ethernet Segment feature allows you to configure multiple services over
single Ethernet Segment (ES). Instead of configuring multiple services over
multiple ES, you can configure multiple services over a single ES. With this
feature you can optimize the use of resources, especially bandwidth and reduce
the cost of hardware.

For more information on this
feature, see the
EVPN
Features chapter in the
L2VPN and
Ethernet Services Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR
Release 6.3.2.

EVPN Support for V6
Hosts with Mobility

EVPN Support for V6
Hosts with Mobility feature enables you to provide EVPN IPv6 service over
IPv4-MPLS core network. This feature supports all-active multihoming and
virtual machine (VM) or host move.

For more information on this
feature, see the
Configure EVPN
IRB chapter in the
L2VPN and
Ethernet Services Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR
Release 6.3.2.

EVPN VPWS On-Demand
Next Hop with SR-TE

The EVPN VPWS
On-Demand Next Hop with SR-TE feature enables you to fetch the best path to
send traffic from the source to destination in a point-to-point service using
IOS XR Traffic Controller (XTC).

For more information on this
feature, see the
L2VPN Preferred
Path over Segment Routing for Traffic Engineering Policy chapter in the
L2VPN and
Ethernet Services Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR
Release 6.3.2.

BFD for Protocol Independent Multicast

The BFD Support for
Multicast (PIM) feature, also known as PIM BFD, registers PIM as a client of
BFD. PIM can then utilize BFD to initiate a session with an adjacent PIM node
to support BFD's fast adjacency failure detection in the protocol layer. PIM
registers with BFD. When PIM BFD is enabled, BFD notifies PIM about failures.

For more information
about configuring PIM BFD feature, see
Routing
Configuration Guide for Cisco NCS 5500 Series Routers, Release 6.3.x.

PIM on Bundle-Ethernet subinterface

The support for PIM on Bundle-Ethernet subinterface is introduced in this release.

IPv4 BFD for BGP on a Bundle Interface

IPv4 BFD for BGP over Bundle Interface feature, also known as Bidirectional Forwarding Detection (BFD) over Logical Bundle
feature implements and deploys BFD over bundle interfaces based on RFC 5880. The BFD over Logical Bundle (BLB) feature replaces
the BVLAN feature and resolves certain interoperability issues with other platforms that run BFD over bundle interface in
pure RFC5880 fashion.

For more information
on this feature, see the
Routing
Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release
6.3.2.

IPv6 Egress ACLs on Physical and Bundle Interfaces

Support has been provided for IPv6 egress ACLs on gigabit ethernet and bundle interfaces. To know more about the configuration
prerequisites and steps, see Configuring IPv6 ACLs in the IP Addresses and Services Configuration Guide for Cisco NCS 5500 Series Routers.

NC55-PWR-3KW-2HV—Dual-input high voltage AC-input or DC-input (HVAC/HVDC) power supply that provides 3.15KW with either 1
or 2 input power lines. This power supply is supported in the NCS 5500 modular chassis and provides n+n line redundancy mode in a single power supply for the Cisco NCS 5516 router.

Caveats Specific to the Cisco NCS 5500 Routers

Determine Firmware Support

Use the show hw-module fpd command in EXEC mode to view the hardware components with their current FPD version and status. The status of the hardware
must be CURRENT; Running and Programed version must be the same.

Table 4. PID and FPD Versions for Release 6.3.2

PID

FPD Device

FPD Versions

NCS55-RP

Bootloader

9.25

IOFPGA

0.09

NCS55-SC

Bootloader

1.74

IOFPGA

0.10

NC55-5508-FC

Bootloader

1.74

IOFPGA

0.16

NC55-36X100G

Bootloader

1.17

IOFPGA

0.15

MIFPGA

0.09

NC55-24X100G-SE

Bootloader

1.11

IOFPGA

0.13

MIFPGA

0.03

NC55-18H18F

Bootloader

1.11

IOFPGA

0.22

MIFPGA

0.03

NC55-36X100G-S

Bootloader

1.11

IOFPGA

0.1

MIFPGA

0.06

NC55-24H12F-SE

Bootloader

1.11

IOFPGA

0.09

MIFPGA

0.03

NCS-5501

Bootloader

1.16

CPU-IOFPGA

1.14

MB-IOFPGA

1.05

MB-MIFPGA

1.01

NCS-5501-SE

Bootloader

1.16

CPU-IOFPGA

1.14

MB-IOFPGA

1.11

MB-MIFPGA

1.02

NCS-5502

Bootloader

1.16

CPU-IOFPGA

1.14

DC-IOFPGA

1.05

DC-MIFPGA

1.02

MB-IOFPGA

1.05

MB-MIFPGA

1.02

NCS-5502-SE

Bootloader

1.16

CPU-IOFPGA

1.14

DC-IOFPGA

1.05

DC-MIFPGA

1.02

MB-IOFPGA

1.05

MB-MIFPGA

1.02

NC55-5516-FC

Bootloader

1.75

IOFPGA

0.23

NCS-55A1-36H-B

Bootloader

1.07

CPU-IOFPGA

1.14

MB-IOFPGA

1.01

MB-MIFPGA

1.02

NC55-6X200-DWDM-S

Bootloader

1.12

IOFPGA

0.11

DENALI

13.48

MORGOTH

5.17

MSFPGA

2.22

CFP2_PORT

5.23

NC55-36X100G-A-SE

MIFPGA

0.03

Bootloader

0.13

DBFPGA

0.14

IOFPGA

0.21

NC55-5504-FC

Bootloader

1.75

IOFPGA

0.07

NC55-RP-E

Bootloader

1.14

IOFPGA

0.21

OMGFPGA

0.48

NCS-55A1-24H

Bootloader

1.07

CPU-IOFPGA

1.14

NCS-55A1-36H-SE-S

Bootloader

1.07

CPU-IOFPGA

1.14

MB-IOFPGA

1.01

MB-MIFPGA

1.02

N540-24Z8Q2C-M

Bootloader

1.07

CPU-IOFPGA

0.03

MB-IOFPGA

0.16

MB-MIFPGA

0.04

Note

The FPD versions on board shipped by manufacturer may have higher versions than the FPD package integrated in the IOS XR.

Important Notes

The offline diagnostics functionality is not supported in NCS 5500 platform. Therefore, the hw-module service offline location command will not work. However, you can use the (sysadmin)# hw-module shutdown location command to bring down the LC.

The hw-module profile mfib statistics configuration command is not supported in this release.

The warning message that the smart licensing evaluation period has expired is displayed on the console every hour. There is,
however, no functionality impact on the device. To stop the repetitive messaging, register the device with the smart licensing
server and load a new registration token.

Use show mrib route summary command to gather correct number of (S,G) routes.

Upgrading Cisco IOS XR Software

Cisco IOS XR Software is installed and activated from modular packages, allowing specific features or software patches to
be installed, upgraded, or downgraded without affecting unrelated processes. Software packages can be upgraded or downgraded
on all supported card types, or on a single card (node).

The upgrade document is available along with the software images.

Caution

Before upgrading to a new release, you must install all available bridge SMUs of the current release.

Related
Documentation

The most current Cisco Network Convergence System 5500 Series documentation is located at this URL:

Production Software Maintenance Updates (SMUs)

A production SMU is a SMU that is formally requested, developed, tested, and released. Production SMUs are intended for use
in a live network environment and are formally supported by the Cisco TAC and the relevant development teams. Software bugs
identified through software recommendations or Bug Search Tools are not a basis for production SMU requests.

For information on production SMU types, refer the Production SMU Types section of the IOS XR Software Maintenance Updates (SMUs) guide.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of
defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products
and software.